CodingForums.com

CodingForums.com (http://www.codingforums.com/index.php)
-   General web building (http://www.codingforums.com/forumdisplay.php?f=10)
-   -   js injection attack ,akamaihd.net (http://www.codingforums.com/showthread.php?t=285295)

BubikolRamios 01-05-2013 01:14 AM
js injection attack ,akamaihd.net
 
Code:
<a id="_GPLITA_0" title="Click to Continue > by Browse to Save" style="text-decoration:underline" href="#" in_rurl="http://i.trkjmp.com/click?v=U0k6MTY4NjA6NjpwYWdlOmRlMmY1MTlmYWI3MTBiYTViZjQzYmU1MDMxZTdjZGFmOnotMTA2My0xMDMxODc6YWdyb3pvby5uZXQ6MTI1NTA6MDFiMmZjY2M5MmYyODQ5MDg4M2VjNjc4ZTI5YjQ2MDk" in_hdr="">Page</a>
besides 'page' nothing is mine. Where/What to look at ?

the thing is comming from akamaihd.net

Code:
00:00:09.480        0.542        412        (11811)        GET        304        application/x-javascript        http://cdncache-a.akamaihd.net/loaders/1063/l.js?aoi=1311798366&pid=1063&zoneid=103187
00:00:09.498        0.500        354        183        GET        200        application/javascript        http://shpr.co/code/fsave/js/fs.js?subid=402&ex=20&uid=50e771b91be163.69808238
00:00:10.021        0.315        446        163        GET        200        application/javascript        http://shpr.co/code/fastsave/js/w.js?v=19273&subid=402&ex=20&uid=50e771b91be163.69808238&callback=fastSaveFrontend.display&url=attacked.web.page.address
00:00:10.398        0.115        364        (1924)        GET        (Cache)        application/x-shockwave-flash        http://cdncache-a.akamaihd.net/items/e6a00/storage.swf
00:00:10.540        0.154        300        (448)        GET        (Cache)        application/x-javascript        http://cdncache-a.akamaihd.net/items/it/data/ac.js
00:00:10.561        0.289        361        (239)        GET        304        application/javascript        http://cdncache-a.akamaihd.net/js/4756e6e2f6f6a7f6277616/r.jsg
00:00:10.695        0.113        299        (7616)        GET        (Cache)        application/javascript        http://cdncache-a.akamaihd.net/items/it/js/itn.js
00:00:10.809        0.100        359        (1559)        GET        (Cache)        application/x-shockwave-flash        http://cdncache-a.akamaihd.net/items/it/swf/f.swf
00:00:10.994        0.133        523        (267)        GET        (Cache)        text/xml        http://i.trkjmp.com/crossdomain.xml
00:00:11.178        0.652        653        528        POST        200        text/javascript        http://i.trkjmp.com/kwd?c=Ojo6YWdyb3pvby5uZXQ6ei0xMDYzLTEwMzE4Nw%3D%3D&cb=_GPL.items.a652c.displayKeywords

BubikolRamios 01-05-2013 02:38 AM
Ok, with some luck this is local, on client.
To get that killed:
Look at extensions and remove / disable : "Save as" extension.

Removed that from FF and GC, In IE disable & remove are disabled,
have no idea how to clear IE.


All times are GMT +1. The time now is 09:29 PM.

Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.